Cryptology ePrint Archive: Report 2020/1575

(In)security of the Radio Interface in Sigfox

Loïc Ferreira

Abstract: Sigfox is a popular communication and security protocol which allows setting up low-power wide-area networks for the Internet of Things. Currently, Sigfox networks operate in 72 countries, and cover 1.3 billion people. In this paper, we make an extensive analysis of the security mechanisms used to protect the radio interface. We describe new attacks against data authenticity, which is the only mandatory security property in Sigfox. Namely, we describe how to replay frames, and how to compute forgeries. In addition, we highlight a flaw in the (optional) data encryption procedure. Our attacks do not exploit implementation or hardware bugs, nor do they require physical access to any equipment (e.g., a legitimate end-device). They rely only on the peculiarities of the Sigfox security protocol. Our analysis is supported by practical experiments made in interaction with the Sigfox back-end network. These experiments validate our findings. Finally, we present efficient counter-measures which are likely straightforward to implement.

Category / Keywords: cryptographic protocols / Sigfox, Security protocol, Internet of Things, Low-power Wide-area Network, Cryptanalysis

Original Publication (with major differences): Financial Cryptography 2021

Date: received 17 Dec 2020, last revised 18 Dec 2020

Contact author: loic ferreira at orange com

Version: 20201221:073959

Short URL: ia.cr/2020/1575
